Fake Microsoft Patch Tuesday email includes Zeus Trojan

This site may earn affiliate commissions from the links on this page. Terms of use.

The Websense Security Labs ThreatSeeker network recently reported on something fishy floating around the web. There are emails going around that claim to be a security update from Microsoft. Some recipients may think this is a Patch Tuesday update, but don’t be fooled, it’s actually a fake Patch Tuesday email.

The scam that has been circulating claims to have details about a “critical security update” from Microsoft. The email says Microsoft has issued a “high-priority” security fix for Windows that can be downloaded through the link provided in the email. The email says that the update will prevent hackers from harming you by obtaining access to your computer files. This is obviously ironic since that’s what the cybercriminals are actually trying to do here.

The fake patch attachment will actually infect your machine with a variant of the Zeus Trojan. This particular trojan can steal important information, like your banking details, using keystroke logging and form grabbing. Though the emails started appearing on May 6, there were a slew of them noticed on Tuesday. The message subject is: “URGENT: Critical Security Update.”

We feel like our readers are smart enough not to need this reminder, but it’s always important to never open attachments in an email from an unknown sender. Though the email may look legit, it’s always good to check back with the company who sent it to you, in this case, Microsoft.